Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Misleading AuctionSettled Event Emission on Every Bid

kavindalw

Root + Impact

Description

  • Normal behavior: AuctionSettled must only be emitted when an auction has actually been finalised and the sale executed.

  • Issue: The contract emits AuctionSettled in placeBid() on every bid, misleading observers into thinking the auction is settled when it is not.

require(msg.sender != previousBidder, "Already highest bidder");
@> emit AuctionSettled(tokenId, msg.sender, listing. Seller, msg.value);

Risk

Likelihood:

  • Every time a bid is placed (high frequency).

  • Any frontend or off-chain watcher that uses events to update UI will see a misleading status.

Impact:

  • Frontend misrepresentation: auctions may appear settled when still in progress, causing confusion and possible incorrect user actions.

  • While funds/state are not directly compromised, user trust and UX suffer.

Proof of Concept

market.placeBid{value: 0.02 ether}(tokenId);
// Frontend may detect AuctionSettled event before auction actually ends

Explanation:

Shows that frontends can incorrectly treat the auction as settled, affecting UI/UX and user trust.

Recommended Mitigation

- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);
+ // Remove this emission; emit only in _executeSale() after final transfer

Explanation:

Only emitting after _executeSale() ensures accurate representation of auction settlement.

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!